– Jerónimo Palacios (@giropa832) June 6, 2022
Apparently, he received an email supposedly from ING saying that he had to register his device to verify operations. He did not notice one of the first elements that must be taken into account to validate sender identity: the email address they are sending from. Despite coinciding in format and being well written, this would have served to see in the first place that they were impostors, since they sent it from ing@indirect.es
This email informed of the need to update a validation device to adapt to the normativa PSD2 (Payment Services Directive). Coincidentally, a few weeks ago the user received a legitimate notice that he had connected from an unknown device, so registering a new trusted device sounded consistent for his personal case.
He too INCIBE (National Cybersecurity Institute) has warned of a campaign to send fraudulent emails of the malware distribution type that try to supplant Banco Santander through a supposed electronic invoice.
With subject patterns in the mail such as “your bill arrived”, “electronic bill”, “your bill is already available”, “overdue bill” or “pending payment”, they pass themselves off as Santander and, if accessed, infect the victim’s device with malware identified as Grandoreiro, a banking Trojan which could allow cybercriminals to perform actions such as manipulating windows, logging keystrokes, and obtaining addresses from the victim’s browser, among others.
missed call scam
Although it is not a new phone scam, the Civil Guard has again alerted about the missed call scam. It occurs when we receive a very short missed call from foreign telephone codes such as +355 (Albania), +225 (Ivory Coast), +233 (Ghana) and +234 (Nigeria).
Do you know the missed call scam? 📞
Don’t return misses of these prefixes:
355 👉 Albania
225 👉 Ivory Coast
233 👉 Ghana
234 👉 NigeriaThey will charge you a special rate. pic.twitter.com/tVIinOZ4ZC
– Civil Guard 🇪🇸 (@guardiacivil) June 6, 2022
As the saying goes, “curiosity killed the cat.” When we call back, we are really calling a premium rate numberof which the scammer takes a part.
Trojan SMS
Just like informs the Internet Safety Officea new malware distribution campaign has been detected in Spain that aims to subscribe users to premium services and make premium-rate calls.
Hidden among greedy programs of difficult credibility such as applications to hack games, adult content websites or free streaming services is the TrojanSMS malware, which the company that has identified it (Avast) has named SMSFactory.
⚠️#ALERT‼️ Malware distribution campaign detected through malvertising (#malvertising) whose objective is to subscribe users to premium services and make premium rate calls. #NoPiques
ℹ️ More information 👇https://t.co/h9kedXPKPJ pic.twitter.com/DsjiXA98eQ
– Civil Guard 🇪🇸 (@guardiacivil) June 8, 2022
This is distributed through malicious advertising, present on advertising pages (malvertising), redirects the user to download an application through which, supposedly, they access that content and, once installed, it does not offer what was promised and hides its presence on the user’s device to go unnoticed.
This stealth ability is what makes it different from other recent TrojanSMS campaigns. In the background, the malware sends the user’s phone data, such as the model, number, carrier, or location, to a server.
